Encryption is a security technology designed to preserve the privacy and confidentiality of sensitive data that is being stored or transmitted. Sensitive data is routinely stored unencrypted on desktop computers, workstations, notebooks, personal digital assistants (PDAs), cellular telephones, and the like. The hard drives of notebooks are especially at risk as the computers are frequently used in non-secure environments and may be relatively easily removed by an unauthorized user. Computer hard drives may contain strategic data, patent applications, patent drawings, litigation documents, consumer lists, private health care information, payroll data and other types of sensitive data. Users frequently store unencrypted passwords and access codes to corporate networks on notebooks, which may compromise corporate network security. Statistics compiled annually by the FBI show that network security breaches are to a significant extent being perpetrated by employees or contractors who have or can gain access to sensitive data on an intranet. Moreover, unattended desktop PCs become frequent targets for unauthorized users attempting to gain illicit entry into a private network.
Comparatively few cryptographic applications have been developed to protect data, with most of the applications being software-based applications adapted to perform file-level cryptography. File-level cryptography can also be done by various hardware devices such as PCMCIA cards or external ASIC-based devices. On the surface, encrypting only selected files instead of entire hard drives seems to make sense since not all data is confidential. However, file cryptography is inherently slow because the entire file must be decrypted before any portion of the file can be presented to the user. Also, file encryption normally ignores the temporary and swap files that are automatically created and stored in clear text on the hard drive. Worse still, file encryption frequently results in compromised overall system performance, and requires manual intervention by users who may become confused and frustrated by the number of requisite interactive steps embedded in the application. From an organizational point of view, the lack of automatic and transparent cryptographic operation makes it inherently difficult to enforce data security policies on computers, mobile communication devices and networks alike. Furthermore, the level of security attainable with file-level cryptography is questionable, since file encryption programs run under the control of the computer operating system (OS) and the OS lacks sufficient access control. If an unauthorized user were capable of subverting the OS, subverting the file-level cryptography application would be entirely feasible as well. Although PCMCIA encryption cards and external ASIC encryption devices have been designed to provide greater key security and to improve performance, these devices have had only marginal success and suffer from a variety of compatibility issues. It, therefore, becomes increasingly clear that conventional cryptography applications are not suitable for organizations and/or individuals requiring optimized security, convenience and uncompromised system performance.